Switched off your computer? This Intel chip bug can still allow hackers to remotely hijack it

A major vulnerability in Intel chips can allow hackers to remotely gain complete control of PCs. The bug, which was first disclosed last week, had remained undetected for nearly a decade. According to security experts, the vulnerability can allow hackers to remotely control a computer’s keyboard and mouse, even when the PC is switched off.

The bug came in a feature of Intel’s Active Management Technology (AMT), which is designed to allow administrators to remotely conduct maintenance work and other tasks such as software updates.

“This vulnerability has the potential of being a proverbial big one. The vulnerability has been part of the Intel chipsets for years, specifically the Management Engine (ME). The ME runs things like DRM (Digital Rights Management) and does TPM (Trusted Platform Modules) checks as well as AMT. AMT enables systems administrators to re-image bare metal machines over a remote connection,” Cris Thomas (AKA SpaceRogue), Strategist for Tenable Network Security, told IBTimes UK.

“To accomplish that, the AMT requires many privileges, from network access to writing to memory and disk,” he added. “The AMT is hardware and operates separately from any operating system installed on a system. Obviously, with this much power there is some protection: in this case, access to AMT is protected by a password. The vulnerability in AMT is that the password can be bypassed.”

According to security researchers at Embedi, who published a whitepaper about the AMT vulnerability, the flaw was detected in how the default “admin” account processes passwords. Researchers said the flaw ensured that the bug allowed anyone to log in, without even having to input anything at the login prompt.

The findings were also confirmed by security experts at Tenable, who said the flaw could be exploited remotely fairly easily.

It remains unclear as to how many devices may be affected. However, ZDNet reported that a Shodan search revealed that over 8,500 devices are vulnerable, with nearly 3,000 of those in the US. However, reports speculate that there could be thousands of other devices vulnerable as well.

Intel said it was working with computer makers to roll out security updates to fix the issue. “We expect computer-makers to make updates available beginning the week of May 8 and continuing thereafter,” Intel said in a statement.

IBTimes UK has reached out to Intel for further clarity on the matter and will update this article in the event of a response.